Appropriate HTTP status code for request specifying invalid Content-Encoding header?

http http-headers http-status-codes
rdlowrey picture rdlowrey · Jul 12, 2012 · Viewed 19.9k times · Source

What status code should be returned if a client sends an HTTP request and specifies a Content-Encoding header which cannot be decoded by the server?

Example

A client POSTs JSON data to a REST resource and encodes the entity body using the gzip coding. However, the server can only decode DEFLATE codings because it failed the gzip class in server school.

What HTTP response code should be returned? I would say 415 Unsupported Media Type but it's not the entity's Content-Type that is the problem -- it's the encoding of the otherwise supported entity body.

Which is more appropriate: 415? 400? Perhaps a custom response code?

Addendum: I have, of course, thoroughly checked rfc2616. If the answer is there I may need some new corrective eyewear, but I don't believe that it is.

Update:

This has nothing to do with sending a response that might be unacceptable to a client. The problem is that the client is sending the server what may or may not be a valid media type in an encoding the server cannot understand (as per the Content-Encoding header the client packaged with the request message).

It's an edge-case and wouldn't be encountered when dealing with browser user-agents, but it could crop up in REST APIs accepting entity bodies to create/modify resources.

Answer

cHao picture cHao · Jul 13, 2012

As i'm reading it, 415 Unsupported Media Type sounds like the most appropriate.

From RFC 2616:

10.4.16 415 Unsupported Media Type

The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method.

Yeah, the text part says "media type" rather than "encoding", but the actual description doesn't include any mention of that distinction.

The new hotness, RFC 7231, is even explicit about it:

6.5.13. 415 Unsupported Media Type

The 415 (Unsupported Media Type) status code indicates that the
origin server is refusing to service the request because the payload
is in a format not supported by this method on the target resource.
The format problem might be due to the request's indicated
Content-Type or Content-Encoding, or as a result of inspecting the
data directly.

Related questions

application/x-www-form-urlencoded or multipart/form-data?

In HTTP there are two ways to POST data: application/x-www-form-urlencoded and multipart/form-data. I understand that most browsers are only able to upload files if multipart/form-data is used. Is there any additional guidance when to use one of …

Read More
How do we control web page caching, across all browsers?

Our investigations have shown us that not all browsers respect the HTTP cache directives in a uniform manner. For security reasons we do not want certain pages in our application to be cached, ever, by the web browser. This must …

Read More
Accessing the web page's HTTP Headers in JavaScript

How do I access a page's HTTP response headers via JavaScript? Related to this question, which was modified to ask about accessing two specific HTTP headers. Related: How do I access the HTTP request header fields via JavaScript?

Read More